1. Technical Field
The invention relates to secure end-to-end transactions. More particularly, the invention relates to a broker entity having a high-speed embedded firewall, a message-processing router, secure session protocol, transport management, and integrated intrusion detection in a single-chip format.
2. Description of the Prior Art
Computer networks and related devices, such as smart cards, are established media for conducting electronic commerce (e-commerce) and other types of transactions. As with any industry having to do with commerce, the providers of the e-commerce industry technology continually strive to maintain the integrity and validity of the financial transactions for the comfort of users. These systems typically are widely distributed (anywhere in the world) and transmit highly confidential information. There are many security gaps in prior art solutions. In addition, the providers of the e-commerce technology strive to maintain a superior level of speed and efficiency for the user, while keeping the technology development environment up-to-date. Thus, it is currently a challenge to provide a technology that can perform complete, open standards-based, high-speed, and highly secure financial transactions to the satisfaction of users. InterTrust Technologies Corp. (“InterTrust”) (Santa Clara, Calif.) teaches software access control mechanisms in the standard (standalone computer) as well as the embedded hardware space in a family of disclosures. For example, K. L. Ginter, V. H. Shear, F. J. Spahn, and D. M. Van Wie, Systems and Methods for Secure Transaction Management and Electronic Rights Protection, U.S. Pat. No. 6,427,140 (Jul. 30, 2002) disclose electronic appliances such as computers equipped in such a way as to help ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. The disclosures teach electronic appliances providing a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control stored or disseminated information, for example. According to Ginter, et al, distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.
T. C. Williams, Multi-level Security Network System, U.S. Pat. No. 6,304,973 (Oct. 16, 2001) discloses a network which prevents unauthorized users from gaining access to confidential information. The network has various workstations and servers connected by a common medium and through a router to the Internet. The network has two major components, a Network Security Center (NSC) and security network interface cards or devices. The NSC is an administrative workstation through which the network security officer manages the network as a whole as well as the individual security devices. The security devices are interposed, between each of workstation, including the NSC, and the common medium and operate at a network layer (layer 3) of the protocol hierarchy. The network allows trusted users to access outside information, including the Internet, while stopping outside attackers at their point of entry. At the same time, the network limits an unauthorized insider to information defined in their particular security profile. The user may select which virtual network to access at any given time. The result is trusted access to multiple secure Virtual Private Networks (VPN), all from a single desktop machine.
Williams focuses on the multi-level secure VPN space with some access control capability based on the actual content of the network data stream running through the device. That is, Williams is limited in that it teaches simply a filter encompassing the notion of a multi-level secure VPN for network secures VPNs that filters and allows access for network connections based on data content.
Lucent teaches secure gathering and monitoring of web server logs, currently implemented within many products in the marketplace today. It should be appreciated that the Lucent disclosure is limited by being Web-based and its log entries are not secure.
It would be advantageous to create a secure end-to-end financial transactional messaging environment in an integrated package leveraging complete, open standards-based, high-speed and highly secure technology which integrates a firewall, VPN, intrusion detection and tamper resistant audit; secure logging, and fault tolerance over IP networks.
It would also be advantageous to provide multiple simultaneous transactions, which are multilevel and secure by having application objects running inside a broker entity as multilevel secure streams enter and leave, thereby a providing more sophisticated technology than mere filtering.